#13074 closed bug (notabug)
html("<div onclick='xyz'>x</div>") call with event on server Internet Explorer causes security error
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | undecided | Milestone: | None |
| Component: | unfiled | Version: | 1.8.3 |
| Keywords: | Cc: | ||
| Blocked by: | Blocking: |
Description
When I run $("#Item").html("<div onclick='xyz'>x</div>") it causes a popup error
Content from the website listed below is being blocked by the Internet Explorer Enhanced Security Configuration. about:blank
It offers to add about:blank to the Trusted sites zone. If added, the error no longer appears.
This error does not cause the script to fail. The script resumes and works perfectly, and the error doesn't appear even if ran again until next page reload.
I have tested this on a server 2003 IE8 and server 2008 IE9 and they both show this behavior. This appears to affect older versions of jquery as well.
Change History (5)
comment:1 Changed 11 years ago by
comment:2 Changed 11 years ago by
| Resolution: | → notabug |
|---|---|
| Status: | new → closed |
Hey there little <div>, what are you doing in a <tbody>? You are NOT supposed to be there! And what about you <tbody>, you aren't even in a <table>! Go find a <table>, silly <tbody>.
comment:3 Changed 11 years ago by
Since you put it that way, updated code to be a bit more compliant. Still a bug.
comment:4 Changed 11 years ago by
My example worked fine in both IE8 and IE9. Please take it to the forum and debug it there.
comment:5 Changed 11 years ago by
Also I should add that in general, inline event handlers are on jQuery's wontfix list since they are a security risk and extremely bad practice.
Here is an example code -- http://jsfiddle.net/2BBq6/